Trojan.KillProc2.24985

Added to the Dr.Web virus database: 2025-07-02

Virus description added:

Technical Information

Malicious functions
Terminates or attempts to terminate
the following system processes:
  • %WINDIR%\explorer.exe
  • <SYSTEM32>\taskhost.exe
  • <SYSTEM32>\dwm.exe
the following user processes:
  • iexplore.exe
  • firefox.exe
Modifies file system
Creates the following files
Miscellaneous
Searches for the following windows
  • ClassName: 'Progman' WindowName: ''
  • ClassName: 'Proxy Desktop' WindowName: ''
Restarts the analyzed sample
Executes the following
  • '%WINDIR%\explorer.exe'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.